Bug 1330809 - SELinux is preventing qemu-system-x86 from 'read' accesses on the file +usb:2-1:1.0.
Keywords:
Status: CLOSED DUPLICATE of bug 1276873
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 24
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:ffcdb9988f16f8a88ff74a11029...
Depends On:
Blocks:
Reported: 2016-04-27 02:54 UTC by lnie
Modified: 2016-09-03 13:59 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-27 12:03:22 UTC
Type: ---
Embargoed:



Description lnie 2016-04-27 02:54:48 UTC
Description of problem:
After creating a bootable USB disk using the dd command and doing an installation on a KVM-based VM, you will get this AVC and a "no bootable device" on the VM screen immediately. This is really annoying, and I have to do "setenforce 0" to start my installation.
SELinux is preventing qemu-system-x86 from 'read' accesses on the file +usb:2-1:1.0.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that qemu-system-x86 should be allowed read access on the +usb:2-1:1.0 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-system-x86 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:svirt_t:s0:c519,c701
Target Context                system_u:object_r:udev_var_run_t:s0
Target Objects                +usb:2-1:1.0 [ file ]
Source                        qemu-system-x86
Source Path                   qemu-system-x86
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-179.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.5.0-0.rc7.git0.2.fc24.x86_64 #1
                              SMP Tue Mar 8 02:20:08 UTC 2016 x86_64 x86_64
Alert Count                   14
First Seen                    2016-04-27 10:42:08 CST
Last Seen                     2016-04-27 10:42:08 CST
Local ID                      0efbc2e3-0bfd-42db-ae87-072b38235fd3

Raw Audit Messages
type=AVC msg=audit(1461724928.915:445): avc:  denied  { read } for  pid=2865 comm="qemu-system-x86" name="+usb:2-1:1.0" dev="tmpfs" ino=17617 scontext=system_u:system_r:svirt_t:s0:c519,c701 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0


Hash: qemu-system-x86,svirt_t,udev_var_run_t,file,read

Version-Release number of selected component:
selinux-policy-3.13.1-179.fc24.noarch

Additional info:
reporter:       libreport-2.6.4
hashmarkername: setroubleshoot
kernel:         4.5.0-0.rc7.git0.2.fc24.x86_64
type:           libreport

Potential duplicate: bug 1276873

Comment 1 Lukas Vrabec 2016-04-27 12:03:22 UTC

*** This bug has been marked as a duplicate of bug 1276873 ***

Comment 2 Vasco Rodrigues 2016-09-03 13:59:00 UTC
I get the same problem with version selinux-policy-3.13.1-191.14.fc24.noarch.

I think this shouldn't be marked as a duplicate, as the Fedora versions are not the same; this is for version 24 and the other is for 23.

